
<!DOCTYPE html>
<!--

    Copyright (c) 2017, 2019 Oracle and/or its affiliates. All rights reserved.

    This program and the accompanying materials are made available under the
    terms of the Eclipse Public License v. 2.0, which is available at
    http://www.eclipse.org/legal/epl-2.0.

    This Source Code may also be made available under the following Secondary
    Licenses when the conditions for such availability set forth in the
    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
    version 2 with the GNU Classpath Exception, which is available at
    https://www.gnu.org/software/classpath/license.html.

    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

-->
<!-- Portions Copyright [2019] [Payara Foundation and/or its affiliates] -->
<html lang="en">
  <head>
    <meta charset="utf-8"/>
    <title>create-message-security-provider</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link href="css/style.css" rel="stylesheet">
    <script src="https://use.fontawesome.com/96c4d89611.js"></script>
  </head>
  <body>
<table id="doc-title" cellspacing="0" cellpadding="0">
  <tr>
  <td align="left" valign="top">
  <b>create-message-security-provider</b><br />
  </td>
  </tr>
</table>
<hr />

<table width="90%" id="top-nav" cellspacing="0" cellpadding="0">
	<colgroup>
		<col width="12%"/>
		<col width="12%"/>
		<col width="*"/>
	</colgroup>
	<tr>
		<td align="left">
		<a href="create-managed-thread-factory.html">
			<span class="vector-font"><i class="fa fa-arrow-circle-left" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Previous</span>
		</a>
		</td>

		<td align="left">
		<a href="create-module-config.html">
			<span class=" vector-font"><i class="fa fa-arrow-circle-right vector-font" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Next</span>
		</a>
		</td>

		<td align="right">
		<a href="toc.html">
			<span class=" vector-font"><i class="fa fa-list vector-font" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Contents</span>
		</a>
		</td>
	</tr>
</table>


<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p><a id="create-message-security-provider-1"></a><a id="GSRFM00045"></a><a id="create-message-security-provider"></a></p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_create_message_security_provider">create-message-security-provider</h2>
<div class="sectionbody">
<div class="paragraph">
<p>enables administrators to create a message security provider, which
specifies how SOAP messages will be secured.</p>
</div>
<div id="sthref421" class="paragraph">
<p>Synopsis</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="prettyprint highlight"><code class="language-oac_no_warn" data-lang="oac_no_warn">asadmin [asadmin-options] create-message-security-provider [--help]
[--target target]
--classname provider_class
[--layer message_layer] [--providertype provider_type]
[--requestauthsource request_auth_source ]
[--requestauthrecipient request_auth_recipient ]
[--responseauthsource response_auth_source ]
[--responseauthrecipient response_auth_recipient ]
[--isdefaultprovider] [--property name=value[:name=value]*]
provider_name</code></pre>
</div>
</div>
<div id="sthref422" class="paragraph">
<p>Description</p>
</div>
<div class="paragraph">
<p>The <code>create-message-security-provider</code> subcommand enables the
administrator to create a message security provider for the security
service which specifies how SOAP messages will be secured.</p>
</div>
<div class="paragraph">
<p>This command is supported in remote mode only.</p>
</div>
<div id="sthref423" class="paragraph">
<p>Options</p>
</div>
<div class="paragraph">
<p>If an option has a short option name, then the short option precedes the
long option name. Short options have one dash whereas long options have
two dashes.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">asadmin-options</dt>
<dd>
<p>Options for the <code>asadmin</code> utility. For information about these
options, see the <a href="asadmin.html#asadmin-1m"><code>asadmin</code>(1M)</a> help page.</p>
</dd>
<dt class="hdlist1"><code>--help</code></dt>
<dt class="hdlist1"><code>-?</code></dt>
<dd>
<p>Displays the help text for the subcommand.</p>
</dd>
<dt class="hdlist1"><code>--target</code></dt>
<dd>
<p>Specifies the target for which you are creating the message security
provider. The following values are valid:<br></p>
<div class="dlist">
<dl>
<dt class="hdlist1"><code>server</code></dt>
<dd>
<p>Creates the provider for the default server instance <code>server</code> and is
the default value.</p>
</dd>
<dt class="hdlist1"><code>domain</code></dt>
<dd>
<p>Creates the provider for the domain.</p>
</dd>
<dt class="hdlist1">cluster_name</dt>
<dd>
<p>Creates the provider for every server instance in the cluster.</p>
</dd>
<dt class="hdlist1">instance_name</dt>
<dd>
<p>Creates the provider for a particular sever instance.</p>
</dd>
</dl>
</div>
</dd>
<dt class="hdlist1"><code>--classname</code></dt>
<dd>
<p>Defines the Java implementation class of the provider. Client
authentication providers must implement the
<code>com.sun.enterprise. security.jauth.ClientAuthModule</code> interface.
Server-side providers must implement the
<code>com.sun.enterprise.security jauth.ServerAuthModule</code> interface. A
provider may implement both interfaces, but it must implement the
interface corresponding to its provider type.</p>
</dd>
<dt class="hdlist1"><code>--layer</code></dt>
<dd>
<p>The message-layer entity used to define the value of the <code>auth-layer</code>
attribute of <code>message-security-config</code> elements. The default is
<code>HttpServlet</code>. Another option is <code>SOAP</code>.</p>
</dd>
<dt class="hdlist1"><code>--providertype</code></dt>
<dd>
<p>Establishes whether the provider is to be used as client
authentication provider, server authentication provider, or both.
Valid options for this property include <code>client</code>, <code>server</code>, or
<code>client-server</code>.</p>
</dd>
<dt class="hdlist1"><code>--requestauthsource</code></dt>
<dd>
<p>The <code>auth-source</code> attribute defines a requirement for message-layer
sender authentication (e.g. username password) or content
authentication (e.g. digital signature) to be applied to request
messages. Possible values are <code>sender</code> or <code>content</code>. When this
argument is not specified, source authentication of the request is not
required.</p>
</dd>
<dt class="hdlist1"><code>--requestauthrecipient</code></dt>
<dd>
<p>The <code>auth-recipient</code> attribute defines a requirement for message-layer
authentication of the receiver of a message to its sender (e.g. by XML
encryption). Possible values are <code>before-content</code> or <code>after-content</code>.
The default value is <code>after-content</code>.</p>
</dd>
<dt class="hdlist1"><code>--responseauthsource</code></dt>
<dd>
<p>The <code>auth-source</code> attribute defines a requirement for message-layer
sender authentication (e.g. username password) or content
authentication (e.g. digital signature) to be applied to response
messages. Possible values are <code>sender</code> or <code>content</code>. When this option
is not specified, source authentication of the response is not
required.</p>
</dd>
<dt class="hdlist1"><code>--responseauthrecipient</code></dt>
<dd>
<p>The <code>auth-recipient</code> attribute defines a requirement for message-layer
authentication of the receiver of the response message to its sender
(e.g. by XML encryption). Possible values are <code>before-content</code> or
<code>after-content</code>. The default value is <code>after-content</code>.</p>
</dd>
<dt class="hdlist1"><code>--isdefaultprovider</code></dt>
<dd>
<p>The <code>default-provider</code> attribute is used to designate the provider as
the default provider (at the layer) of the type or types identified by
the <code>providertype</code> argument. There is no default associated with this
option.</p>
</dd>
<dt class="hdlist1"><code>--property</code></dt>
<dd>
<p>Use this property to pass provider-specific property values to the
provider when it is initialized. Properties passed in this way might
include key aliases to be used by the provider to get keys from
keystores, signing, canonicalization, encryption algorithms, etc.<br>
The following properties may be set:<br></p>
<div class="dlist">
<dl>
<dt class="hdlist1"><code>security.config</code></dt>
<dd>
<p>Specifies the location of the message security configuration file.
To point to a configuration file in the domain-dir`/config`
directory, use the system property
<code>${com.sun.aas.instanceRoot}/config/</code>, for example:
<code>${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml</code>. The
default is domain-dir`/config/ wss-serverconfig-1.0.xml`.</p>
</dd>
<dt class="hdlist1"><code>debug</code></dt>
<dd>
<p>If <code>true</code>, enables dumping of server provider debug messages to the
server log. The default is <code>false</code>.</p>
</dd>
<dt class="hdlist1"><code>dynamic.username. password</code></dt>
<dd>
<p>If <code>true</code>, signals the provider runtime to collect the user name and
password from the <code>CallbackHandler</code> for each request. If <code>false</code>,
the user name and password for <code>wsse:UsernameToken</code>(s) is collected
once, during module initialization. This property is only applicable
for a <code>ClientAuthModule</code>. The default is <code>false</code>.</p>
</dd>
<dt class="hdlist1"><code>encryption.key.alias</code></dt>
<dd>
<p>Specifies the encryption key used by the provider. The key is
identified by its keystore alias. The default value is <code>s1as</code>.</p>
</dd>
<dt class="hdlist1"><code>signature.key.alias</code></dt>
<dd>
<p>Specifies the signature key used by the provider. The key is
identified by its keystore alias. The default value is <code>s1as</code>.</p>
</dd>
</dl>
</div>
</dd>
</dl>
</div>
<div id="sthref424" class="paragraph">
<p>Operands</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">provider_name</dt>
<dd>
<p>The name of the provider used to reference the <code>provider-config</code>
element.</p>
</dd>
</dl>
</div>
<div id="sthref425" class="paragraph">
<p>Examples</p>
</div>
<div class="paragraph">
<p><a id="GSRFM507"></a><a id="sthref426"></a></p>
</div>
<div class="paragraph">
<p>Example 1   Creating a Message Security Provider</p>
</div>
<div class="paragraph">
<p>The following example shows how to create a message security provider
for a client.</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="prettyprint highlight"><code class="language-oac_no_warn" data-lang="oac_no_warn">asadmin&gt; create-message-security-provider
--classname com.sun.enterprise.security.jauth.ClientAuthModule
--providertype client mySecurityProvider</code></pre>
</div>
</div>
<div id="sthref427" class="paragraph">
<p>Exit Status</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">0</dt>
<dd>
<p>command executed successfully</p>
</dd>
<dt class="hdlist1">1</dt>
<dd>
<p>error in executing the command</p>
</dd>
</dl>
</div>
<div id="sthref428" class="paragraph">
<p>See Also</p>
</div>
<div class="paragraph">
<p><a href="asadmin.html#asadmin-1m"><code>asadmin</code>(1M)</a></p>
</div>
<div class="paragraph">
<p><a href="delete-message-security-provider.html#delete-message-security-provider-1"><code>delete-message-security-provider</code>(1)</a>,
<a href="list-message-security-providers.html#list-message-security-providers-1"><code>list-message-security-providers</code>(1)</a></p>
</div>
</div>
</div>

<hr />

<table width="90%" id="bottom-nav" cellspacing="0" cellpadding="0">
	<colgroup>
		<col width="12%"/>
		<col width="12%"/>
		<col width="*"/>
	</colgroup>
	<tr>		
		<td align="left">
		<a href="create-managed-thread-factory.html">
			<span class=" vector-font"><i class="fa fa-arrow-circle-left" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Previous</span>
		</a>
		</td>

		<td align="left">
		<a href="create-module-config.html">
			<span class="vector-font"><i class="fa fa-arrow-circle-right vector-font" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Next</span>
		</a>
		</td>

		<td align="right">
		<a href="toc.html">
			<span class="vector-font"><i class="fa fa-list vector-font" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Contents</span>
		</a>
		</td>
	</tr>
</table>

<span id="copyright">
        <img src="/resource/reference/img/eclipse_foundation_logo_tiny.png" height="20px" alt="Eclipse Foundation Logo" align="top"/>&nbsp;            
        <span >Copyright&nbsp;&copy;&nbsp;2019,&nbsp;Oracle&nbsp;and/or&nbsp;its&nbsp;affiliates.&nbsp;All&nbsp;rights&nbsp;reserved.</span>
</span>

</body>
</html>
